plugin for different symmetric key exchange

Posted: Thu Jun 14, 2012 3:42 pm
by igorlor
Hello everyone,

I would like to set up a different physical channel for the key exchange of my VPN and I would like to know if it's possible to do it with a plugin or if the key exchange system depends directly on openssl.

thanks in advance

igorlor

Re: plugin for different symmetric key exchange

Posted: Thu Jun 14, 2012 4:37 pm
by janjust
Which key exchange are we talking about? The initial control channel connection is negotiated using TLS; this depends on the SSL lib used (openssl or polarssl in openvpn 2.3).
The data channel key exchange is done via the control channel and is a custom openvpn thing.

Re: plugin for different symmetric key exchange

Posted: Fri Jun 15, 2012 7:53 am
by igorlor
I would like to code a homemade key exchange system. Let's say I want to do what openssl does but using another physical channel. For example: Do the key exchange using a radio communication channel and data transfer using a DSL line.

The goal is to separate physically the control channel and the data channel. Should I change directly openssl?

Re: plugin for different symmetric key exchange

Posted: Fri Jun 15, 2012 11:13 am
by igorlor
What I would like to do is to use different physical channels for key negotiation (and maybe not using TLS). I guess OpenVPN takes keys from an OpenSSL interface, so is it possible to configure this call to use another system which involves another physical connection?

If I am not wrong, both key negotiations (initial and data channel key exchange) are done by TLS/SSL.

Re: plugin for different symmetric key exchange

Posted: Fri Jun 15, 2012 9:36 pm
by janjust
igorlor wrote:
I would like to code a homemade key exchange system. Let's say I want to do what openssl does but using another physical channel. For example: Do the key exchange using a radio communication channel and data transfer using a DSL line.
this is an interesting idea but it would mean a protocol of openvpn itself; you would not have to change the openssl code but you will end up with a non-compatible version of openvpn
igorlor wrote:
If I am not wrong, both key negotiations (initial and data channel key exchange) are done by TLS/SSL.
the data channel key exchange is done by OpenVPN itself, not using any standard TLS/SSL techniques.

Re: plugin for different symmetric key exchange

Posted: Mon Jun 18, 2012 10:21 am
by igorlor
janjust wrote:
the data channel key exchange is done by OpenVPN itself, not using any standard TLS/SSL techniques.
Looking at the code, if I create another keygen method (key_method_NEW_read() and key_method_NEW_write() in ssl.c file) which creates keys and shares them over another physical channel it will be done right?

PS: Maybe I should send the question to the dev mailing list?

Re: plugin for different symmetric key exchange

Posted: Tue Jun 19, 2012 12:00 pm
by janjust
igorlor wrote:
PS: Maybe I should send the question to the dev mailing list?
yup, please do :)